Managing WSUS 3.0 from the Command Line
The wsusutil command-line utility is used in managing WSUS servers and is located in the WSUSInstallDir\Tools folder of WSUS servers. The table below summarizes the different parameters that can be used with this utility, and later sections explain the syntax and usage of each parameter.
注意
You can also use Windows® PowerShell® to access the WSUS 3.0 APIs from the command line.
Using the wsusutil utility
You must be an administrator to run the wsusutil utility. This utility is installed only on WSUS server machines, not on console-only installations.
注意
To see all wsusutil parameters, type wsusutil help on the command line. To see usage for each of the parameters, type wsusutil helpparameterName.
Summary of wsusutil Commands
Command | Description |
---|---|
configuressl | Updates the WSUS server registry key after the IIS configuration has changed. |
healthmonitoring | Configures health monitoring values in the database. If new values are not specified, the current values are displayed. |
export | Part of the export/import process used to synchronize a downstream WSUS without using a network connection. Exports update metadata to an export package file. You cannot use this parameter to export update files, update approvals, or server settings. |
import | The second part of the export/import process. Imports update metadata to a server from an export package file created on another WSUS server. This synchronizes the destination WSUS server without using a network connection. |
movecontent | Changes the file system location where the WSUS server stores update files, and optionally copies any update files from the old location to the new location |
listfrontendservers | Lists the front-end servers related to this WSUS server. |
deletefrontendserver | Deletes the specified front-end server from the WSUS database. |
checkhealth | Checks the health of the WSUS serve. Results will appear in the Application Event log. |
reset | Checks that every update metadata row in the database has corresponding update files stored in the file system. If update files are missing or have been corrupted, downloads the update files again. |
listinactiveapprovals | Returns a list of update titles with approvals that are in a permanently inactive state because of a change in server language settings. |
removeinactiveapprovals | Removes approvals for updates that are in a permanently inactive state because of a change in WSUS server language settings. |
usecustomwebsite | Changes the port number used by the WSUS Web services from 80 to 8530 or vice versa. |
Parameter | Description |
---|---|
ServerCertificateName | An optional parameter. When present, it provides the name in the Issued to field of the server certificate. |
Parameter | Description | ||
---|---|---|---|
**IntervalsInMinutes** *\[DetectInterval\] \[RefreshInterval\]* | Sets the values for detect and refresh intervals. If the detect interval is 0, the detect cycle will not run. If the refresh interval is 0, the refresh cycle will not run. For more information about the detect and refresh cycles, see [Health Monitoring in WSUS 3.0](https://technet.microsoft.com/2e8a4be2-43b2-4a2c-96f6-667c4558f18d). | ||
**DiskSpaceInMegabytes***\[ErrorLevel\] \[WarningLevel\]* | Sets the amount of available disk space (in megabytes) at which a low disk space warning or error event should be logged. | ||
**CatalogSyncIntervalInDays** *\[Days\]* | Sets the number of days that should have passed after synchronization before a warning event should be logged.. | ||
**InstallUpdatesInPercent** *\[WarningPercent\]\[ErrorPercent\]* | Sets the percentage of update installation failures at which a warning or error event should be given. | ||
**InventoryInPercen***\[WarningPercent\]\[ErrorPercent\]* | Sets the percentage of inventory reporting failures at which a warning or error should be given. | ||
**SilentClientsInPercent** *\[WarningPercent\]\[ErrorPercent\]* | Sets the percentage of clients not reporting to the server at which a warning or error should be given. | ||
**SilentClientsInDays** *\[Days\]* | Sets the number of days clients can fail to report before an error should be given. | ||
**TargetComputersInPercent** *\[WarningPercent\]\[ErrorPercent\]* | Sets the maximum percentage of target computers reporting to this server below which a warning or error event should be given. For example, if you set values of 80 and 60, a warning event will be logged if only 80 percent of computers have reported, and an error event will be logged if only 60 percent of computers have reported. | ||
**CheckAcls** *on|off* | If on, health monitoring should check ACLs on the relevant directories. | ||
**CheckForLowDiskSpace** *on|off* | If on, health monitoring should check for low disk space. | ||
**CheckForCatalogSyncFailures** *on|off* | If on, health monitoring should check for catalog synchronization failures. | ||
**CheckForContentSyncFailures** *on|off* | If on, health monitoring should check for content synchronization failures. | ||
**CheckForEmailNotificationFailures** *on|off* | If on, health monitoring should check for e-mail notification failures. | ||
**CheckSelfUpdate** *on|off* | If on, health monitoring should check for client self-update failures. | ||
**CheckClientsExist** *on|off* | If on, health monitoring should check whether this server has any clients. | ||
**CheckForUpdateInstallFailures** *on|off* | If on, health monitoring should check for update installation failures. | ||
**CheckForInventoryFailures** *on|off* | If on, health monitoring should check for clients failing to report inventory.. | ||
**CheckForSilentClients** *on|off* | If on, health monitoring should check for clients that have failed to report to the server. | ||
**CheckForTooManyClients** *on|off* | If on, health monitoring should check whether the number of clients is approaching the maximum number allowed. | ||
**CheckReportingWebService** *on|off* | If on, health monitoring should check the Reporting Web service. | ||
**CheckApiRemotingWebService** *on|off* | If on, health monitoring should check the API Remoting Web service. | ||
**CheckServerSyncWebService** *on|off* | If on, health monitoring should check the Server Synchronization Web service. | ||
**CheckClientWebService** *on|off* | If on, health monitoring should check the client Web service. | ||
**CheckSimpleAuthWebService** *on|off* | If on, health monitoring should check the Simple Authentication Web service. | ||
**CheckDssAuthWebService** *on|off* | If on, health monitoring should check the Downstream Server Authentication Web service. |
Output
The output from wsusutil paramName is usually the current state of the given parameter. Some examples are given below:
wsusutil healthmonitoring IntervalsInMinutes
Output:
Detect interval: 10 min, Refresh interval: 360 min
wsusutil healthmonitoring DiskSpaceInMegabytes
Output:
Error level: 200 MB, Warning level: 500 MB
However, with the parameters setting on or off the different health monitoring checks (for example, wsusutil healthmonitoringCheckAcls), the output will simply be a warning that the WSUS Service must be stopped and restarted for the change to take effect.
export
For more information about exporting and importing updates, see "Set Up a Disconnected Network (Import and Export Updates)" in Deploying Microsoft Windows Server Update Services (https://go.microsoft.com/fwlink/?linkid=79983).
Syntax
wsusutil export package logfile
Parameter | Description |
---|---|
package | The path and file name of the package .cab to create. |
logfile | The path and file name of the log file to create. |
Parameter | Description |
---|---|
package | The path and file name of the package .cab to import. |
logfile | The path and file name of the log file to import. |
注意
You can use xcopy, the Backup utility, or other methods to copy update files from the old location to the new one. If you copy the files by using a method other than wsusutil, you still need to run wsusutil to perform the second part of the move, using the -skipcopy parameter. See the "Syntax" section for more information.
There are two scenarios in which you might move update files from one WSUS drive to another:
- If the drive is full
- If the hard disk fails
If the drive is full
If the drive where WSUS stores update files is full, you can do one of the following:
- Add more space to your current drive by using NTFS functionality. This operation can be done without using wsusutil, because it does not affect WSUS configuration or operation.
- Install a new drive, and then move the update files from the old drive to the new location by using wsusutil.
If the hard disk fails
If the hard disk fails, you must do the following:
- Install the new disk on your computer, and then restore the update files from your backup files. Note: If you have not backed up your update files, WSUSutil.exe downloads the missing files at the end of the content move operation.
- Run wsusutil movecontent newLocation, specifying the location for the new disk. In addition, you specify the -skipcopy parameter, because you are either putting the files in the new folder through the backup utility or the source folder does not exist; the update files will be downloaded at the end of this process.
- When the move operation is complete, all the missing files are downloaded.
Syntax
wsusutil movecontent contentpath logfile -skipcopy
Parameter | Description |
---|---|
contentpath | The new root for content files. The path must exist. |
logfile | The path and file name of the log file to create. |
-skipcopy | Indicates that only the server configuration should be changed, and that the content files should not be copied. |
Parameter | Description |
---|---|
serverName | The name of the front-end server to be deleted. |